Index: utils.py =================================================================== --- utils.py (revision 0) +++ utils.py (revision 0) @@ -0,0 +1,35 @@ +def get_hexdigest(algorithm, salt, raw_password): + from django.utils.encoding import smart_str + from django.utils.hashcompat import md5_constructor, sha_constructor + """ + Returns a string of the hexdigest of the given plaintext password and salt + using the given algorithm ('md5', 'sha1' or 'crypt'). + """ + raw_password, salt = smart_str(raw_password), smart_str(salt) + if algorithm == 'crypt': + try: + import crypt + except ImportError: + raise ValueError('"crypt" password algorithm not supported in this environment') + return crypt.crypt(raw_password, salt) + + if algorithm == 'md5': + return md5_constructor(salt + raw_password).hexdigest() + elif algorithm == 'sha1': + return sha_constructor(salt + raw_password).hexdigest() + raise ValueError("Got unknown password algorithm type in password.") + +def set_password(raw_password): + import random + algo = 'sha1' + salt = get_hexdigest(algo, str(random.random()), str(random.random()))[:5] + hsh = get_hexdigest(algo, salt, raw_password) + return '%s$%s$%s' % (algo, salt, hsh) + +def check_password(raw_password, enc_password): + """ + Returns a boolean of whether the raw_password was correct. Handles + encryption formats behind the scenes. + """ + algo, salt, hsh = enc_password.split('$') + return hsh == get_hexdigest(algo, salt, raw_password) Index: models.py =================================================================== --- models.py (revision 14203) +++ models.py (working copy) @@ -2,44 +2,17 @@ import urllib from django.contrib import auth +from django.contrib.auth.utils import set_password, get_hexdigest, check_password from django.core.exceptions import ImproperlyConfigured from django.db import models from django.db.models.manager import EmptyManager from django.contrib.contenttypes.models import ContentType from django.utils.encoding import smart_str -from django.utils.hashcompat import md5_constructor, sha_constructor from django.utils.translation import ugettext_lazy as _ UNUSABLE_PASSWORD = '!' # This will never be a valid hash -def get_hexdigest(algorithm, salt, raw_password): - """ - Returns a string of the hexdigest of the given plaintext password and salt - using the given algorithm ('md5', 'sha1' or 'crypt'). - """ - raw_password, salt = smart_str(raw_password), smart_str(salt) - if algorithm == 'crypt': - try: - import crypt - except ImportError: - raise ValueError('"crypt" password algorithm not supported in this environment') - return crypt.crypt(raw_password, salt) - - if algorithm == 'md5': - return md5_constructor(salt + raw_password).hexdigest() - elif algorithm == 'sha1': - return sha_constructor(salt + raw_password).hexdigest() - raise ValueError("Got unknown password algorithm type in password.") - -def check_password(raw_password, enc_password): - """ - Returns a boolean of whether the raw_password was correct. Handles - encryption formats behind the scenes. - """ - algo, salt, hsh = enc_password.split('$') - return hsh == get_hexdigest(algo, salt, raw_password) - class SiteProfileNotAvailable(Exception): pass @@ -237,11 +210,7 @@ if raw_password is None: self.set_unusable_password() else: - import random - algo = 'sha1' - salt = get_hexdigest(algo, str(random.random()), str(random.random()))[:5] - hsh = get_hexdigest(algo, salt, raw_password) - self.password = '%s$%s$%s' % (algo, salt, hsh) + self.password = set_password(raw_password) def check_password(self, raw_password):